The keyId are generated randomly by autoEncryption when the collection is created. Therefore the encryptedFieldsMap in the configuration needs to be different for each environment (the same master key must not be used for dev and prod).

The goal is to specify the keyAltName for the key of each encrypted field (it could be generated from the namespace + field path).